neoxia / laravel-openssl-encryption Goto Github PK
View Code? Open in Web Editor NEWLaravel 4 encryption package that uses the PHP openssl extension
Laravel 4 encryption package that uses the PHP openssl extension
The HMAC comparison is susceptible to timing attacks. A better implementation of comparison should be used to prevent this information from being leaked.
https://en.wikipedia.org/wiki/Timing_attack
A simple fix would be:
if (! \Symfony\Component\Security\Core\Util\StringUtils::equals($this->hash($payload['value']), $payload['mac'])) {
throw new DecryptException("MAC for payload is invalid.");
}
I'm getting this error when trying to run "composer update" on laravel 4.2
Problem 1
- Conclusion: remove laravel/framework v4.2.6
- Conclusion: don't install laravel/framework v4.2.6
- Conclusion: don't install laravel/framework v4.2.5
- Conclusion: don't install laravel/framework v4.2.4
- Conclusion: don't install laravel/framework v4.2.3
- Installation request for neoxia/laravel-openssl-encryption 1.0.* -> satisfiable by neoxia/laravel-openssl-encryption[1.0].
- Conclusion: don't install laravel/framework v4.2.2
- Conclusion: don't install laravel/framework v4.2.1
- neoxia/laravel-openssl-encryption 1.0 requires illuminate/encryption 4.0.x -> satisfiable by illuminate/encryption[v4.0.0, v4.0.1, v4.0.10, v4.0.2, v4.0.3, v4.0.4, v4.0.5, v4.0.6, v4.0.7, v4.0.8, v4.0.9].
- don't install illuminate/encryption v4.0.0|don't install laravel/framework v4.2.0
- don't install illuminate/encryption v4.0.1|don't install laravel/framework v4.2.0
- don't install illuminate/encryption v4.0.10|don't install laravel/framework v4.2.0
- don't install illuminate/encryption v4.0.2|don't install laravel/framework v4.2.0
- don't install illuminate/encryption v4.0.3|don't install laravel/framework v4.2.0
- don't install illuminate/encryption v4.0.4|don't install laravel/framework v4.2.0
- don't install illuminate/encryption v4.0.5|don't install laravel/framework v4.2.0
- don't install illuminate/encryption v4.0.6|don't install laravel/framework v4.2.0
- don't install illuminate/encryption v4.0.7|don't install laravel/framework v4.2.0
- don't install illuminate/encryption v4.0.8|don't install laravel/framework v4.2.0
- don't install illuminate/encryption v4.0.9|don't install laravel/framework v4.2.0
- Installation request for laravel/framework 4.2.* -> satisfiable by laravel/framework[v4.2.0, v4.2.1, v4.2.2, v4.2.3, v4.2.4, v4.2.5, v4.2.6].
and this one when running "composer install"
PHP Fatal error: Class 'Neoxia\LaravelOpensslEncryption\LaravelOpensslEncryptionServiceProvider' not found in /Users/lucoceano/Documents/Projects/trip-server/google-cloud-sdk/trip/bootstrap/compiled.php on line 4219
{"error":{"type":"Symfony\\Component\\Debug\\Exception\\FatalErrorException","message":"Class 'Neoxia\\LaravelOpensslEncryption\\LaravelOpensslEncryptionServiceProvider' not found","file":"\/Users\/lucoceano\/Documents\/Projects\/trip-server\/google-cloud-sdk\/trip\/bootstrap\/compiled.php","line":4219}}Script php artisan clear-compiled handling the post-install-cmd event returned with an error
[RuntimeException]
Error Output: PHP Fatal error: Class 'Neoxia\LaravelOpensslEncryption\LaravelOpensslEncryptionServiceProvider' not found in /Users/lucoceano/Documents/Projects/trip-ser
ver/google-cloud-sdk/trip/bootstrap/compiled.php on line 4219
is there any issue because I'm using laravel 4.2?
thanks
HMAC is currently missing the IV to help prevent modification of the IV.
A signature like this would be preferable:
protected function hash($iv, $value)
{
return hash_hmac('sha256', $iv.$value, $this->key);
}
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.